Bug #29235 Using AutoGenerated keys with the MySQL Membership Provider causes an exception.
Submitted: 20 Jun 2007 13:03 Modified: 2 Jul 2007 5:07
Reporter: Avi Dorfman Email Updates:
Status: Closed Impact on me:
None 
Category:Connector / NET Severity:S2 (Serious)
Version:5.1.2.2 OS:Windows
Assigned to: CPU Architecture:Any
Tags: autogenerate, decryptionkey, isolateapps, machinekey, mysql.web.security, validationkey

[20 Jun 2007 13:03] Avi Dorfman
Description:
When running an ASP.NET application under Visual Studio 2005 with it's validationKey and\or decryptionKey settings set to "AutoGenerate[,IsolateApps]" and not a key value, the MySQL Membership and Role Providers raise an exception while trying to encrypt, decrypt or hash data:
"Additional non-parsable characters are at the end of the string".

After looking deeper into the process, I noticed it is because the providers access the literal setting of the validation and decryption keys from the Web.config file, so they retrieve "AutoGenerate,IsolateApps" instead of the actual key, and fail to convert those strings into hexadecimal keys.

How to repeat:
1) Change your validationKey and decryptionKey settings in Web.config to "AutoGenerate,IsolateApps".
2) Define the MySQL Membership and\or Role providers for use in your web application.
3) Try to add a new user using the Membership.CreateUser method.

Suggested fix:
Manually replace the "AutoGenerate,IsolateApps" value with a real hexadecimal key.
(It's only a temporary fix)
[21 Jun 2007 17:13] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/29328
[21 Jun 2007 17:13] Reggie Burnett
Fixed in 5.1.3
[2 Jul 2007 5:07] MC Brown
A note has been added to the 5.1.3 changelog: 

Using the membership/role providers when validationKey or decryptionKey parameters are set to AutoGenerate, an exception would be raised when accessing the corresponding values.